beam-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Baptiste Onofré (JIRA) <j...@apache.org>
Subject [jira] [Updated] (BEAM-488) Remove KEYS file
Date Wed, 27 Jul 2016 17:15:20 GMT

     [ https://issues.apache.org/jira/browse/BEAM-488?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jean-Baptiste Onofré updated BEAM-488:
--------------------------------------
    Fix Version/s: 0.2.0-incubating

> Remove KEYS file
> ----------------
>
>                 Key: BEAM-488
>                 URL: https://issues.apache.org/jira/browse/BEAM-488
>             Project: Beam
>          Issue Type: Task
>          Components: project-management
>    Affects Versions: Not applicable
>            Reporter: Daniel Halperin
>            Assignee: Jean-Baptiste Onofré
>             Fix For: 0.2.0-incubating
>
>
> http://mail-archives.apache.org/mod_mbox/incubator-general/201606.mbox/%3CCAAS6=7hVLcw6060Un7sXxk+WLLh08DFOSWktC0Aam4F=DyE0xA@mail.gmail.com%3E
> > Bundling PGP keys inside a package is worse than worthless -- an attacker can
> just bundle spoofed keys with a bogus distro!  Keys need to be made available
> from a highly reliable, separate server: Download the main package from a
> mirror, get PGP keys from apache.org, pgp.mit.edu, etc. and verify.
> > 
> > The KEYS file within the Beam source tree should be deleted.
>  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message